From owner-freebsd-security  Sun Nov 18 12:43:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 953FD37B417
	for <security@FreeBSD.ORG>; Sun, 18 Nov 2001 12:43:19 -0800 (PST)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id MAA17042;
	Sun, 18 Nov 2001 12:42:33 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda17040; Sun Nov 18 12:42:20 2001
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.6/8.9.1) id fAIKgEk61599;
	Sun, 18 Nov 2001 12:42:14 -0800 (PST)
Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpde61597; Sun Nov 18 12:41:16 2001
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.6/8.9.1) id fAIKfGE03587;
	Sun, 18 Nov 2001 12:41:16 -0800 (PST)
Message-Id: <200111182041.fAIKfGE03587@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdcR3575; Sun Nov 18 12:40:55 2001
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-Sender: schubert
To: Brett Glass <brett@lariat.org>
Cc: security@FreeBSD.ORG
Subject: Re: Patching 4.4-RELEASE against SSHv1 exploit 
In-reply-to: Your message of "Sun, 18 Nov 2001 12:56:07 MST."
             <4.3.2.7.2.20011118124921.041ea050@localhost> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 18 Nov 2001 12:40:55 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In message <4.3.2.7.2.20011118124921.041ea050@localhost>, Brett Glass writes:
> In a recent message to Bugtraq (quoted below), Dave Dittrich notes that 
> an SSH exploit has been specifically tuned to attack machines running 
> FreeBSD 4.x and certain versions of SSH. The hole apparently dates back 
> to the liberally licensed versions of SSH, and so is present in both 
> OpenSSH and SSH, Inc.'s SSH. Is 4.4-RELEASE vulnerable in the default 
> install if sshd is enabled? If so, is there a patch?

This should answer your question:

http://www.securityfocus.com/archive/82/222981


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team      Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message